On April 12, 2023, the Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced proposed changes to HIPAA’s Privacy Rule with regard to reproductive health information. The proposed changes are set out in a...more
6/6/2023
/ Abortion ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Healthcare Reform ,
HIPAA Privacy Rule ,
NPRM ,
OCR ,
Patient Privacy Rights ,
PHI ,
Pregnancy ,
Regulatory Agenda ,
Reproductive Healthcare Issues ,
Roe v Wade ,
Women's Rights
HHS Releases Cybersecurity Guide -
On March 8, 2023 the Department of Health and Human Services released a cybersecurity implementation guide for the health care industry—the HPH Sector Cybersecurity Framework...more
Providers oftentimes ask how long they need to retain certain types of medical information. While there are some general rules regarding the timeframes for retaining medical information, the specific answer varies depending...more
10/18/2022
/ Data Retention ,
Document Destruction ,
Electronically Stored Information ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Personal Information ,
PHI ,
Policies and Procedures ,
Record Retention ,
Regulatory Requirements
Cyber-attacks on health care entities are becoming increasingly frequent, and the resulting data breaches are often complex. In the event of a cyber-attack, health care entities and their business associates must adhere to...more
OCR Public Comment on Security Practices and Civil Monetary Penalties -
The Office for Civil Rights (“OCR”) is seeking information from stakeholders on two aspects of the Health Information Technology for Economic and...more
Helpful Hints -
ADPH Says Vaccine Administration is Limited at this Time The Alabama Department of Public Health issued a press release on January 11, 2021, urging Alabamians to have patience in receiving the COVID-19...more
1/29/2021
/ 1135 Waivers ,
Centers for Medicare & Medicaid Services (CMS) ,
Clinical Trials ,
Coronavirus/COVID-19 ,
Food and Drug Administration (FDA) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Infectious Diseases ,
OCR ,
Right of Access ,
Stark Law ,
Vaccinations
WHAT MATTERS -
Department of Health and Human Services Office for Civil Rights announces the resolution of two major discrimination complaints against healthcare providers.
Originally Published in the Birmingham Medical...more
The Office for Civil Rights (“OCR”), the entity responsible for HIPAA compliance and enforcement, has issued a series of guidance documents regarding the interplay of HIPAA and the COVID-19 pandemic. The most recent guidance...more
Over the past several weeks, the Office for Civil Rights (“OCR”), the entity responsible for compliance with and enforcement of the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations...more
What have you done for me lately? Now that the tune is stuck in your head, specifically, have you recently conducted a thorough and up to date risk assessment in accordance with the requirements of the Health Insurance...more
8/15/2019
/ Cybersecurity ,
Data Privacy ,
Data Protection ,
Electronic Medical Records ,
Failure to Comply ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Medical Records ,
OCR ,
PHI ,
Risk Assessment
The Office of Civil Rights (“OCR”) is the federal agency that oversees compliance with the Health Insurance Portability and Accountability Act of 1996, and its implementing regulations (“HIPAA”). In that regard, among other...more
5/10/2019
/ Cyber Attacks ,
Data Breach ,
Electronic Medical Records ,
Government Investigations ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI ,
Policies and Procedures ,
Risk Mitigation
The U.S. Department of Health and Human Services Office of Civil Rights (“OCR”) was hard at work at the end of 2018—emphasizing the active efforts we have seen for the past few years from OCR. Below is a brief summary of some...more
3/7/2019
/ Comment Period ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Information Sharing ,
Mental Illness ,
OCR ,
Opioid ,
Personal Data ,
PHI ,
Privacy Policy ,
Value-Based Care
In the age of electronic medical records and ransomware attacks, recent focus with regard to HIPAA compliance seems to be on electronic security. How are your electronic medical records stored? Do you require two-factor...more
7/11/2018
/ Cyber Attacks ,
Data Breach ,
Electronic Devices ,
Electronic Medical Records ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI ,
Risk Management
In light of the recent incident in Las Vegas, the Office of Civil Rights (“OCR”), the government entity responsible for HIPAA Compliance, issued clarification guidance on the ability of a health care provider to share...more
Every where you look these days, there seems to be another report of a cyber attack--attacks which do not discriminate based on industry type, size of business, or impact. In other words, everyone is vulnerable. In fact, the...more
7/18/2017
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
Phishing Scams ,
Ransomware ,
Risk Management ,
US-CERT
In the past several years, a huge increase has occurred in the number of electronic attacks in the United States using ransomware, a form of malware that targets and encrypts critical data and systems for the purpose of...more
2/13/2017
/ Breach Notification Rule ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Malware ,
OCR ,
PHI ,
Ransomware ,
Reporting Requirements ,
Strict Compliance
In an effort to review and examine compliance with the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations ("HIPAA"), the Department of Health and Human Services Office for Civil...more